Director of Security, LivingSocial

THIS JOB HAS EXPIRED

Description:

The Director of Information Security is responsible for establishing and maintaining a corporate-wide information security program to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements. The Director position requires a visionary leader with strong skills in technology and business management. The Director will proactively work with business units to implement practices that meet defined policies and standards for information security. He or she will also oversee all IT risk management activities.

A key element of the Director's role is working with executive management to determine acceptable levels of risk for the organization. The ideal candidate is an integrator of people and processes, a thought leader, a problem solver, an effective consultant and should possess solid domain competency in the field of information security by having eight to ten years of direct experience.

Responsibilities Include:

Develop, implement and monitor a strategic, comprehensive enterprise information security and risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.
Manage the enterprise's security organization, consisting of direct reports and indirect reports (such as individuals in business continuity and IT operations), including hiring, training, staff development, performance management and annual compensation review.
Develop, communicate and ensure compliance with organizational security policies and standards.
Develop and manage information security budgets and monitor them for variances.
Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.
Work directly with the business units to facilitate IT risk analysis and risk management processes, identify acceptable levels of risk, and establish roles and responsibilities with regard to information classification and protection.
Provide subject matter expertise to executive management on a broad range of information security standards and best practices, such as PCI DSS and ISO 27000.
Provide strategic and tactical security guidance for all IT projects, including the evaluation and recommendation of technical security controls.
Ensure applications are developed and maintained in a secure manner.
Liaise with the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
Coordinate information security and risk management projects with staff from the IT organization and business unit teams.
Ensure that security programs are in compliance with applicable laws, regulations and policies to minimize or eliminate risk and audit findings. (Examples of applicable laws and regulations include the Payment Card Industry Data Security Standard (PCI-DSS), the Sarbanes-Oxley Act (SOX), and the Health Insurance Portability and Accountability Act (HIPAA).)
Liaise between the information security team and corporate compliance, audit, legal and HR management teams as required.
Create and facilitate the information security risk assessment process, including reporting and oversight of remediation efforts to address negative findings.
Manage security incidents and events to protect corporate IT assets, including intellectual property, fixed assets and the company's reputation.
Coordinate the use of external resources involved in the information security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources.
Develop business-relevant metrics to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security program.
Facilitate business alignment and communications by forming an information security steering committee or advisory board.

Requirements and Qualifications

Minimum of eight to 10 years of experience in a combination of risk management, information security and IT jobs.
Excellent written and verbal communication skills; interpersonal and collaborative skills; and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
Must be a critical thinker with strong problem-solving skills.
Knowledge of technological trends and developments in the area of information security and risk management.
Project management skills; financial/budget management, scheduling and resource management.
Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
Degree in business administration or a technology-related field, or equivalent work- or education-related experience.
Professional certification, such as a CISSP, CISM, CISA, QSA, or other information security credentials, is preferred.
Proficient with personal computers; experience with productivity software, such as Windows, Microsoft Office software and so forth.
Knowledge of security and control frameworks, such as ISO 27002.
Experience with contract and vendor negotiations.
High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.
High degree of initiative, dependability and ability to work with little supervision.

LivingSocial appreciates your interest in our company as a place of employment. It is the policy of LivingSocial to provide equal opportunity for employment to all qualified employees and applicants, regardless of race, religion, religious affiliation, ancestry, citizenship status, marital status, familial status, sexual orientation, color, creed, national origin, sex, age, disability, or veteran status. This policy applies to all areas of employment including recruitment, placement, training, transfer, promotion, termination, pay, and other forms of compensation and benefits. The company will comply with its legal obligation to provide reasonable accommodations to qualified individuals with disabilities.

LivingSocial is redefining localized online advertising and social commerce, while building a great company and having a blast along the way. The explosive growth and potential of LivingSocial has been recognized by both new and traditional media - from the Wall Street Journal to Facebook's CEO. To help fuel our growth, LivingSocial has secured over 49 million in funding this year from some of the most prominent venture capital companies in the nation.

Stage: Shipping Product
Funding: 20 - 50M Raised
Investors: Grotech Ventures, IVP-Institutional Venture Partners, Revolution, U.S. Venture Partners

LivingSocial is the local marketplace to buy and share the best things to do in your city.
With unique and diverse offerings each day, we inspire members to discover everything from weekend excursions to one-of-a-kind events and experiences to exclusive gourmet dinners to family aquarium outings and more.
We help local businesses grow by introducing them to high-quality new customers and give merchants the tools to make our members their regulars.
Based in Washington, DC, we have more than 70 million members around the world.